BİM.PR.27 — VPN Access Procedure

Document No: BİM.PR.27
Version: 1.0
First Published: 26.04.2026
Owner Group: Network & Security Group
Approver: Mehmet ARARAT — IT Director
Legal Basis: KVKK Art.12 · Law No. 5651 · ISO/IEC 27001:2022 A.6.7 · BİGDES
Related Documents: KYS.POL.01 P08 (Remote Access), P17 (VPN), P03 (Internet), KYS.POL.04, BİM.PR.05, BİM.PR.12, BİM.PR.13, BİM.PR.14

1. Purpose and Scope

Within the framework of KYS.POL.01 P08 (Remote Access) and P17 (VPN), this procedure defines the scope, authorisation workflow and security requirements for VPN use when accessing the institutional network from off-campus.

2. Who May Use VPN

VPN is available to users with a work or educational need:

  • Academic staff (permanent)
  • Administrative staff (upon request)
  • Postgraduate students (for research purposes, with academic supervisor approval)
  • Undergraduate students: limited, library database access only

VPN request: submit the “VPN Access Request” form at destek.hku.edu.tr, with unit manager approval.

3. Requirements

  • VPN connection cannot be established without active 2FA
  • Current VPN client version (distributed by BİM)
  • Operating system fully patched (BİM.PR.25)
  • Endpoint anti-malware active
  • Disk encryption enabled

4. Supported Protocols

Per P08 and P17, the supported protocols are IPsec VPN, L2TP, SSL VPN and PPTP; the appropriate protocol is used. SSL VPN is recommended for mobile devices (IPsec is limited on mobile). Certificate-based access is additionally used for vendors.

5. Connection Rules

  • Maximum 2 simultaneous sessions per user
  • Session duration limit: 8 hours (2FA required again afterwards)
  • Bandwidth: fair use (continuous streaming/torrenting prohibited)
  • VPN password changed every 6 months per P08 Art.592
  • Split-tunnelling control — access to other institutions via personal network while VPN is active may be restricted
  • All traffic logged in compliance with Law No. 5651 (BİM.PR.24)

6. Prohibited Actions

  • Managing personal home network devices over the institutional network
  • Commercial use
  • VPN tunnelling via third-party software not provided by the institution

7. Incident Response

Suspicious VPN activity (unusual time, location, traffic):

  • Automatic disconnection
  • User notification
  • Investigation within 24 hours (BİM.PR.10)

8. Violation

Violations are handled under KYS.POL.04 Art.55 and P08.

9. Effective Date

26.04.2026; revised January/July.


Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr